First published: Tue Sep 06 2011(Updated: )
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
OpenSSL OpenSSL | =1.0.0c | |
OpenSSL OpenSSL | =1.0.0-beta1 | |
OpenSSL OpenSSL | =1.0.0-beta2 | |
OpenSSL OpenSSL | =1.0.0-beta3 | |
OpenSSL OpenSSL | =1.0.0d | |
OpenSSL OpenSSL | =1.0.0-beta4 | |
OpenSSL OpenSSL | =1.0.0 | |
OpenSSL OpenSSL | =1.0.0-beta5 | |
OpenSSL OpenSSL | =1.0.0a | |
OpenSSL OpenSSL | =1.0.0b | |
redhat/openssl | <1.0.0 | 1.0.0 |
redhat/openssl | <0:1.0.0-10.el6_1.5 | 0:1.0.0-10.el6_1.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.